General
- Target: 4cb914e007d9d570cd911bd499938993bb967949a2e52a6097c8e1664bd9545e
- Size: 669KB
- Sample: 240523-c1bxxaaf7s
- MD5: 6af14c1bdf632f6ab13370781c7f8a82
- SHA1: 3c87794737284703591ad7d11b759021eac64793
- SHA256: 4cb914e007d9d570cd911bd499938993bb967949a2e52a6097c8e1664bd9545e
- SHA512: ca64aea999c32f095873abd9806df81d8c80bb4b2c676454583c1c3b07307b6aba3ba02da735cdb9bec35bde86a024d3bd5019fedc21502a69ff009fa285c3f0
- SSDEEP: 12288:Y7qi8LkpEaOHIieVRl1taHWC77nuf6xaz1y0RSTh5/gbrDM5hQBkR:Y7xjEFWbl10H7buf00RSvCrDM5Oc
Static task: static1
Behavioral task: behavioral1
- Sample: 4cb914e007d9d570cd911bd499938993bb967949a2e52a6097c8e1664bd9545e.exe
- Resource: win7-20231129-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.valeofarma.it
- Port: 587
- Username: [email protected]
- Password: valeofarmavero
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.valeofarma.it
- Port: 587
- Username: [email protected]
- Password: valeofarmavero
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext